OpenSSL copyright?

[levitte]

There are a number of files in oqsprov/ that have the OpenSSL copyright boilerplate, which gives copyright to the OpenSSL Authors, which I understand is historical, since this was previously a patchset for OpenSSL proper.

I don't think that's something you want at this point, and I can't see anything wrong with simply removing that boilerplate. What you still have in there that could remind anyone of the built-in OpenSSL providers, it's mostly bread-and-butter lines that are only vaguely similar.

[baentsch]

ACK. We'd probably take the (lib)OQS marking route. Looking at that again, though, // SPDX-License-Identifier: Apache-2.0 AND MIT is a "bit terse".... @dstebila Suggestions?

[dstebila]

In liboqs for files we created, we did not put individual license information in each file beyond the SPDX-License-Identifier header, but there was a LICENSE.txt at the root which contained that information. I think that would be okay here.

[baentsch]

Resolved with d6223cb

[levitte]

You missed a spot 😉

oqs-provider/test/oqs_test_groups.c

Lines 17 to 24 in d6223cb

	/*
	* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	*
	* Licensed under the Apache License 2.0 (the "License"). You may not use
	* this file except in compliance with the License. You can obtain a copy
	* in the file LICENSE in the source distribution or at
	* https://www.openssl.org/source/license.html
	*/

[baentsch]

You missed a spot

Thanks for the catch. And it was more than one. Lesson: No change too small to not botch it :-( Hopefully #5 gets this right. I won't bother you to review it (but won't stop you :-)

[levitte]

[ahem] I might look over your virtual shoulder a little now and then. Just the fact that others are already playing with external provider is exciting